- Get Started with Attack Surface Insights
- View Entities in Attack Surface Insights
- Search for Entities in Attack Surface Insights
- Edit Entities in Attack Surface Insights
- Entity Attributes
Attack Surface Insights Considerations
Review limitations, best practices, and other considerations to keep in mind when using Attack Surface Insights.
For Attack Surface Insights to analyze and extract entities from incoming logs, those logs must be properly parsed.
For Attack Surface Insights to enrich entities with context data, you must onboard context tables from a supported context source in Context Management. Currently, Attack Surface Insights can't enrich entities with context data from custom context tables.
If you configure multiple context sources, by default, Attack Surface Insights enriches entities with Microsoft Active Directory context data first, then context data from the next available context source. To ensure entities are enriched by another context source before Microsoft Active Directory, configure that context source first before you configure Microsoft Active Directory.
Attack Surface Insights can't differentiate between host names, device names, and IP addresses with the same name. Host names, device names, and IP addresses with the same name are considered a single account.
Site IDs are not supported.